multi-cloud networking

Experimenting with GCP PBR

Policy-based routes can route traffic based on: destination, protocol,and source.

How to Configure it

PBR requires an internal pass-through network load balancer as next hop:

  • Unmanaged Instance Groups for the AVX spokes:
  • NLB:

Do not forget to create the proper firewall rules for the health checks. HCs are sourced from the following ranges: 130.211.0.0/22 and 35.191.0.0/16.

Create a route but select Policy Based Route from the drop down menu:

Testing

Test is quite simple. From Test VM, if we ping 10.17.60.51 the traffic should not go through the Standalone Gateways but if we ping 192.168.200.3 we should see the traffic flowing through the standalone gateways.

  • Pinging 192.168.200.3:
  • Packet capture on the standalone gateway:
  • Pinging 10.17.60.51:
  • Packet capture on the standalone gateway:

Constraints

  • Policy-based routes don’t support matching traffic based on port
  • Policy-based routes are not exchanged between VPC networks that are connected through VPC Network Peering

You can find more constraints and information on the links listed on the references.

References

https://cloud.google.com/vpc/docs/policy-based-routes

https://cloud.google.com/load-balancing/docs/internal/setting-up-ilb-next-hop

Leave a Reply